Latest SP2 Flaw Bypasses IE Security Zone
Security researchers have discovered another vulnerability in Windows XP Service Pack 2, but it doesn't appear to be an immediate threat. The researcher who uncovered the drag-and-drop flaw in Windows XP SP2 earlier in the week has reported that a new vulnerability exposes a hole in the lockdown of Internet Explorer's My Computer security zone.
The lockdown of the My Computer zone is one of the major security enhancements in SP2. Web pages in Internet Explorer run in one of several security "zones," each of which has different security rules. Prior to SP2, the My Computer zone—designed for Web pages stored on the computer itself—had extremely permissive rules. To take advantage of those rules, malware attacks frequently exploited vulnerabilities to get their Web-based pages to execute in that zone. Microsoft tightened the rules in SP2 to make it a less inviting target.








